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Patent 

Attorney Docket No. 09005/015001 

SMART CARD CONTROL OF TERMINAL 
AND NETWORK RESOURCES 

This application claims the benefit of the filing of U.S. Provisional Patent 
Application No. 60/051,326, filed June 30, 1997. 

BACKGROUND OF THE INVENTION 
The invention relates to smart cards, and in particular to smart card control of 
5 terminal and network resources. 
^ Smart cards are used for a variety of applications including electronic game cards, 

ry identification badges, and data storage media such as electronic books. The smart cards are 
M typically encased in a tamper-resistant, plastic or metal housing about the size of a credit card 
H : and contain one or more embedded integrated circuit devices. Terminals, such as ID verification 
f 10 systems and electronic video games, etc., are available with one or more smart card interfaces 
S that permit connection of the smart card to the terminal 

S In traditional systems, the terminals or terminal device accesses the smart card 

through standard protocols, such as the ISO 7816 protocol. These protocols usually limit the 
smart cards to the role of "slave", while the terminal or terminal device acts as the "master". 

15 This means that the smart card cannot initiate any action or communication, but can only respond 
to specific commands from the terminal. A prior art terminal typically starts in the idle state 
(ST11), as shown in FIG. 1. The terminal then transmits a command to the smart card (ST12), 
and then waits for a response (ST13). After receiving the response from the smart card (ST 14), 
the terminal returns to the idle state (ST11). Similarly, as shown in FIG. 2, a prior art smart card 

20 begins with the smart card waiting for a command from the terminal (ST21). Upon receiving the 



command from the terminal (ST22), the smart card proceeds to prepare an appropriate response 
(ST23), transmits the response to the terminal (ST24), and returns to the wait state (ST21) to 
await the next command. Under the above scheme, there is no provision for the smart card to 
access resources controlled by the terminal. 
5 SUMMARY OF THE INVENTION 

In general, in one aspect, the invention relates to a smart card system. The system 
has a terminal and a smart card that is connected to the terminal and configured to initiate 
communication with the terminal. The smart card communicates with the terminal using a 
communications protocol that enables asynchronous communications between the smart card and 
y i0 the terminal. For systems that do not support asynchronous communication, the communications 
[H protocol also enables logical asynchronous communications. The system further comprises 
tl means for establishing full-duplex or logical full-duplex communication between the smart card 
J = and the terminal. The terminal may be connected to a host computer which is in turn connected 
to a network. The smart card can access the resources connected to the terminal, the host 
Ol5 computer, and the network. 

O In general, in another aspect, the invention relates to a smart card that has a 

communications circuit and a microcontroller. The microcontroller is configured to initiate 
communication with a terminal to which the smart card is connected. The smart card also has a 
storage unit that stores programs that are executed by the microcontroller and a memory unit that 
20 temporarily stores the programs. The terminal may be connected to a host computer and a 
network, and the smart card may access the resources connected to the terminal, the host 
computer, and the network. 
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In general, in another aspect, the invention relates to a method of operating a 
smart card. The method comprises transmitting a command from the smart card to the terminal, 
waiting for a response from the terminal, and receiving the response from the terminal. The 
smart card initiates communication with the terminal. A communications protocol, which may 
5 be configured to be ISO 7816 compatible, allows the smart card to communicate asynchronously 
with the terminal, or logically asynchronously with the terminal in cases where the actual 
asynchronous communication is not available. Additionally, the communication may occur in 
full-duplex mode. If a response is not received within a predefined time period, the smart card 
re-transmits the command. The method also comprises requesting a list of available services 
fto from the terminal and selecting a command based on the list of services. 

In general, in another aspect, the invention relates to a method of debugging a 
I j smart card. The method includes executing a diagnostic portion of a program stored on the smart 
s card, receiving a result from the smart card, and comparing the result with an expected result. 
H The method further includes displaying the result on a terminal display. 

D 15 Advantages of the invention include at least the following: smart card control of 

° terminal, host computer, and network resources; smart card-initiated communication with a 
terminal, host computer, and network; and asynchronous communication between a smart card 
and a terminal, host computer, and network. Other advantages will become apparent from the 
below description and the following claims. 
20 BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a state machine diagram of a prior art terminal. 
FIG. 2 is a state machine diagram of a prior art smart card. 
FIG. 3 is a block diagram of a smart card system. 
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FIG. 4 is a state machine diagram of the smart card of the present invention. 
FIG. 5 is a state machine diagram of the terminal of the present invention. 
FIG. 6 is a block diagram of a smart card communications scheme. 
FIG. 7 illustrates a smart card communications protocol. 
5 FIG. 8 is another embodiment of the smart card system. 

FIG. 9 is a method of operating a smart card. 
FIG. 10 is another method of operating a smart card. 
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

Throughout the description and the drawings, elements which are the same will be 
flo accorded the same reference numbers. 

~y s Referring to Fig. 3, a smart card systems 30 has a smart card 31 connected to a 

[1 terminal 32 which has terminal resources 33 available. The terminal resources 33 may be very 
J minimal, such as an input/output port for connecting to a host computer, or the resources 33 
■U could be more extensive, for example, a keyboard, monitor, modem, cash dispenser, and other 
05 specialized resources. 

O In some systems, the smart card 31 and the terminal 32 operate independently of 

any other devices. This is exemplified by portable value checker products which allow a 
particular value in the smart card 31 to be displayed by the terminal, and portable Mondex 
transaction devices which allow two smart cards 31 to be connected to a single terminal 32, and 
20 to transfer data between the two cards 3 1 . 

In other systems, the terminal resources 33 connect the terminal 32 to a host 
computer 34, which has certain host computer resources 35 available. These resources could 
include a network connection, keyboard, monitor, hard disk, and other types of resources 
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common to computers or specialized for a particular application. The smart card 31 can send 
commands to, and receive responses from, the host computer 34 through the terminal 32, and 
vice-versa. 

The host computer 34 optionally can be connected to a network 36 if the host 

5 computer resources 35 include a network port. This allows the host computer 34 to gain access 
to network resources 37, which include other computers, printers, storage devices, and other 
potential resources, including for example resources available on the Internet. In such systems, 
the smart card 31 can be used as a tamper-resistant storage unit for network passwords, keys, 
certificates, electronic cash, and other information which the host computer 34 uses for network 

10 access, electronic commerce, and other types of network applications. 

An advantage of the smart card 31 is that it is able to initiate communication with 
the terminal 32 and thereby become a "master" while the terminal 32 acts as a "slave", as 
illustrated in FIG. 4 and FIG. 5. Referring to FIG. 4, communications is in an idle state in the 
smart card 31 while the smart card 31 is processing data or waiting for some event to occur 

15 (ST41). When the smart card 31 needs to communicate with the terminal 32, it transmits a 
command (e.g., a display data command), or a message, or a packet of information to the 
terminal (ST42). After the transmission, the smart card 31 waits (ST43) until it receives a 
response (ST44) from the terminal 32 (e.g., an acknowledgement of the command). Once the 
response has been received, the smart card 31 returns to the idle state (ST41) until the card 

20 needs to communicate with the terminal 32 again. Under such a scheme, the smart card 3 1 may 
initiate communication with the terminal at any time. For example, if data or information from 
the terminal 32 which is needed by the smart card 31 to carry out a certain task is missing or 



-5- 



incomplete, rather than remain in an idle state awaiting further data transfer, the smart card 31 
can act proactively and request the missing information from the terminal 32. 

Referring to FIG. 5, terminal 32 waits in an idle state for a command from the 
smart card 31 (ST51). When a command is detected, the terminal 32 receives the command and 
5 prepares an appropriate response (ST52 and ST53). The terminal 32 then transmits the response 
to the smart card 31 (ST54) and returns to the idle state to await receipt of another command 
(ST51). 

In a similar way, the smart card 31 may access host computer resources 35 and 
network resources 37 by issuing, for example, a print command to a printer resource or a send 
y3l o network message command to a network messaging resource. 

nJ In some cases, it may be desirable to add time-out features to the smart card 3 1 so 

[* that if a response is not received in the allotted time, the smart card 31 takes alternative actions, 
T such as re-transmitting the command or transmitting a different command. 
U It should be noted that the state machine diagrams of FIGS. 4 and 5 represent 

Ol5 systems with only half-duplex communication between the smart card 31 and terminal 32. 
O Alternative systems may, of course, be designed to support full-duplex communication between 
the smart card 31 and terminal 32. For example, referring to FIG. 6, full-duplex communication 
between the smart card 31 and the terminal 32 may be implemented using two conventional RS- 
232 serial ports in both the smart card 31 and terminal 32. Serial ports 61 and 62 of the smart 
20 card 31 transmit and receive data to and from serial ports 63 and 64 in the terminal 32, 
respectively. Because the transmissions in one direction are independent in time relative to the 
transmissions in the other direction, the smart card 31 and the terminal 32 may communicate 
with each other asynchronously. 



-6- 



In contrast, systems that have only half-duplex physical channels are generally 
limited to synchronous communication and typically require synchronous communication 
protocols, e.g., the ISO 7816 protocol. However, such a system may implement a special low 
level protocol which appears as an asynchronous protocol interface to the higher level protocols. 

5 This will allow the devices in the system to communicate with each other and with external 
devices using high level protocols which require asynchronous communications. For example, a 
"polling protocol" may be used with a smart card 3 1 and a terminal 32 that support the ISO 78 1 6 
half-duplex low level protocols. In the polling protocol, the terminal 32 has an obligation to send 
packets to the smart card 31 at the earliest possible opportunity. In the case where there is no 

10 terminal data to be sent, a special class of instruction code may be sent to indicate to the smart 
card 31 that this is only a polling packet. If the smart card 31 is ready to send data to the 
terminal 32, it sends a response to the terminal 32 containing a byte which indicates the length of 
the data the smart card 32 is ready to send. The terminal 32 then responds with a special packet 
having a length which is equal to the length indicated by the smart card 31. This then allows the 

15 smart card 3 1 to send its data to the terminal 32, effectively allowing the smart card 3 1 to initiate 
communication with the terminal 32. The polling may be repeated at the maximum rate that is 
supported by the terminal 32. Such a low level protocol may be augmented by marking each 
message in each direction with a unique identifier, for example, a sequence number. This allows 
the responses in either direction to be deferred and sent later using the sequence number to 

20 correlate with the original messages. For example, if the terminal sent a message requiring a 
response, at the low level protocol the smart card could continue communicating other messages 
back and forth. Then, when the desired response is ready, the smart card 31 marks the response 
with the identification number of the initiating message. When the terminal 32 receives the 
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response, it correlates the response with the original message and returns the response value to 
the thread that initiated the message. Such a scheme also may permit the original thread to 
continue execution without waiting for the response, and allows the response to be passed back 
to the thread (or to another designated thread) using a callback mechanism. It will be 
5 appreciated that this logically presents what appears to be a full asynchronous interface to the 

higher level protocols. 

Asynchronous communication between the smart card 31 and the terminal 32 
allows more complex systems to be designed. For example, conventional packet protocols exist 
which would allow packets to be initiated by both the smart card 31 and terminal 32, which may 
flo result in multiple packets that are in various states of processing occurring at the same time. This 
K permits the use of high level features such as multi-threaded communications and callbacks. In 
H short, FIG. 4 and FIG. 5 are illustrative of the simplest state machines that implement smart card 
7 initiated communications, which is the key to this invention. It is well understood that other state 
U machines for both half-duplex and full-duplex communications can be devised, as well as non- 
Cl5 state based protocols, and are intended to fall within the scope of this invention if such 
G " communication protocols include card initiated communication. Since low level protocols based 
on this invention could allow asynchronous communication between the smart card 11 and the 
terminal 12, this can further enable high level communication protocols, such Remote Procedure 
Call and Remote Message Invocation, to be used. Such protocols can greatly enhance the value 
20 of the smart cards for many applications. In short, FIG. 4 and FIG. 5 illustrate only the simplest 
systems that implement smart card-initiated communications. Other systems having both half- 
duplex and full-duplex communications may be devised that, so long as they include smart card- 
initiated communication, are within the scope of the invention. 
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In another embodiment, a communications protocol, shown generally at 70 in 
FIG. 7 and in more detail in TABLE 1, defines the commands that the smart card can initiate 
with respect to the terminal, host computer, or network. The communications protocol 70 uses 
ISO 7816 escape commands with the existing ISO 7816 protocol to generate a new set of smart 

5 card-initiated commands. The use of the ISO 7816 escape commands allows the 
communications protocol 70 to retain backwards compatibility with standard ISO 7816 
commands. Each command in the communications protocol 70 is comprised of the following 
ISO 7816 fields: a class (CLA) field 71, an instruction (INS) field 72, a first parameter (PI) field 
73, a second parameter (P2) field 74, and a data (Data) field 75. Not every field is required for 

10 every command and some fields may be either left empty or filled with a null value. The fields 
themselves are standard ISO 7816 fields well known to one having ordinary skill in the art and 

will not be described here. 

The commands of the communications protocol 70 may be defined broadly such 
that not every terminal, host computer, network, or the resources connected thereto will have the 

15 service requested. When a particular service is not available, the communications protocol 70 
includes an error message which may be sent back to the smart card to indicate that the requested 
service is not available. In one embodiment, the communications protocol 70 includes a query 
command so that the smart card can query the terminal, host computer, or network to determine 
which services are available. In addition, the communications protocol 70 may use a global 

20 naming convention (e.g., the Domain Name Service (DNS)) such that the smart card may specify 
a particular resource on a global basis. 

Referring to TABLE 1, the commands defined in the communications protocol 70 
include the following: Display Request, Activate Input Scan, Request Data Length in Buffer, 
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Request Data in Buffer, Activate Secure ID Entry, Query Resources, and Send Network 
Message. The Display Request command allows the smart card to display information on the 
terminal, host computer, or network display device. A Java program implementing this 
command using the standard Java Card 1.0 specification is shown in Appendix A. The Activate 
5 Input Scan command scans for user input. The Request Data Length in Buffer command, which 
may be executed at any time, determines the length of the data in the input buffer. The Request 
Data in Buffer command reads the data entered in the terminal, host computer, or network input 
buffer. The Request a Secure ID Entry command requests identification information such as a 
username, password, or biometrics information such as a thumbprint or voiceprint. The Query 
Go Resources command, as indicated above, queries the terminal, host computer, or network for 
f * available services and resources. This command may also be used to determine other 
f 1 information such as available user input devices, secure ID devices, network connectivity, data 
T files, database availability, and other types of services were resources. The Send Network 
L Message command sends a message to a network computer which is identified by the standard 
as DNS node ID convention. This command is sent from the smart card to the host computer, 
D which must either receive and execute this command or return an error response to the smart 
card. If the network computer identified is the host computer, then the command is executed 
locally. Otherwise, the host computer routes the command through the network to the identified 
network computer. 

20 
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TABLE 1 



Communications protocol: Mapping To ISO 7816 Escape Commands 



Command Type 


CLA 


INS 


PI 


P2 


Data 


Response 


Display Request 


DO 


EO 


Fm 


Lc 


Disp Data 


90 00 (OK) 
6F 00 (Error) 


Activate Input Scan 


DO 


El 


00 


00 


None 


90 00 (OK) 
6F 00 (Error) 


Request Data Length In 
Buffer 


DO 


E2 


00 


00 


None 


Length + 90 00 (OK) 
6F 00 (Error) 


Request Data in Buffer 


DO 


E3 


00 


Ln 


None 


InputData + 90 00 (OK) 
6F 00 (Error) 


Activate Secure LD Entry 


DO 


E4 


00 


00 


None 


Length + IDData + 90 00 (OK) 
6F 00 (Error) 


Query terminal Resources 


DO 


E5 


Rs 


00 


None 


Length + ResData + 90 00 (OK) 
6F 00 (Error) 


Send Network Message 


DO 


E4 


Ld 


Lm 


ED + Msg 


Length + Response + 90 00 (OK) 
6F 00 (Error) 



The communications protocol 70 may, of course, be expanded as required to 
5 support other services. Furthermore, for systems that use full-duplex communication between 
the smart card and the terminal and do not require ISO 7816 compatibility, standard 
asynchronous callback mechanisms can be added to the protocol to expand functionality and 
improve performance greatly. For example, instead of sending a network message and waiting 
for a response, the smart card can continue normal processing. Once the response has been 
10 prepared by the DNS node that received the message, an asynchronous response message can be 
sent to the smart card. Other half-duplex and full-duplex communications protocols can be 
devised readily and are intended to fall within the scope of this invention if such communications 
protocols include card initiated communication. For example, a logical full-duplex scheme may 
be devised for systems that do not have actual full-duplex. 
15 Referring to FIG. 8, another embodiment of a smart card system 80 comprises a 

smart card 81 connected to a smart card terminal 32. The smart card 81 has an embedded 
microcontroller 82, memory unit 83, and storage unit 84, all of which are interconnected. The 
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microcontroller 82 executes smart card software and programs, carries out terminal instructions, 
and generally manages the flow of data to and from the smart card 81. In some embodiments, 
the microcontroller 82 may include a microprocessor (e.g., a 68HC05), a programmable array 
logic (PAL), an application-specific integrated circuit (ASIC), and/or other integrated circuit 

5 devices. The memory unit 83, which may include a random-access-memory (RAM), temporarily 
stores software and data used by the microcontroller 82 during program execution. The storage 
unit 84, which may include a read-only memory (ROM), stores the basic program codes and data 
that are needed to configure and operate the smart card 31. New or updated codes and data may 
be downloaded or programmed into the smart card 81 from time to time to upgrade the smart 

10 card 81. The smart card 81 also has a communications unit 85 that is connected to the 
microcontroller 82 and allows the microcontroller 82 to transfer data to and from the terminal 32 
and other external devices. Although shown as separate blocks, the microcontroller 82, memory 
unit 83, storage unit 84, and communications unit 85 may be combined into a single integrated 
circuit device or an otherwise reduced or expanded number of separate IC devices. 

15 The smart card 81 is connected to the terminal 32 by a smart card interface 86 

which facilitates communication between the smart card 81 and the terminal 32. The interface 
86 typically includes a smart card reader or reader/writer and a power supply, such as a battery, 
(not shown) that provides power to the smart card 81. In some embodiments, the interface 86 
physically engages the smart card 81. In other embodiments, however, the interface 86 may use 

20 inductive, capacitive, or optical coupling, or the interface 86 may use radio frequency signals to 
connect the smart card 81 to the terminal 32. 

In operation, the smart card 81 is able to access and control the terminal 32 and 
terminal resources 33 by initiating communication with the terminal 32 and terminal resources 
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33, contrary to conventional smart cards that only respond to received commands. Referring to 
FIG. 9, communication between the smart card 31 and the terminal 36 is established, for 
example, via an electronic handshake or series of handshakes (ST91). The smart card 81 than 
requests a list of available services from the terminal 32 (ST92). The list of services may vary 

5 depending on the type of terminal 32 (e.g., a video game, security system, etc.) and terminal 
resources 33. Once the list of available services or commands is received from the terminal 32 
(ST93), the smart card 81 sends a command to the terminal 32 based on the services that are 
available (ST94). The smart card 81 then checks to see if a response to the command has been 
received from the terminal 32 (ST95). If a response has been received, the smart card 81 

10 encrypts (ST97) and stores (ST98) any data received from the terminal 32, and prepares itself to 
send another command to the terminal 32 (ST94). If not, the smart card 81 checks to see if a 
predefined time period has expired or timed out (ST96). If the predefined time period has 
expired, then the smart card 81 re-transmits the command to the terminal 32 (ST94). If the 
predefined time period has not expired, the smart card 81 checks again to see if the response has 

1 5 been received from the terminal 32. 

The smart cards described above facilitate a wide range of new and innovative 
smart card applications heretofore unrealizable with conventional smart card architectures. 
Three such applications are disclosed below. 

Smart card programs are typically very difficult to develop and debug due to the 

20 lack of visibility into the cards necessitated by the strict security requirements of most smart card 
applications. The ability of the smart card to drive the terminal allows one having ordinary skill 
in the art to develop debugging applications that are resident on the card and program test 
harnesses to exercise difficult to reach sections of smart card code. Such applications can make 
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use of a terminal display to provide internal state and runtime trace information to assist in 
debugging card resident applications. Referring to FIG. 10, one such application begins with 
executing a debugging routine (ST101), for example, a memory test routine. After running the 
routine, the smart card outputs a result (ST102), such as, e.g., the number of rows and columns in 

5 the memory unit that passed the test. The results are compared with a known or predefined 
number of good rows and columns (ST103) and the results are displayed on the terminal display 
(ST104). In some embodiments, the user may use a terminal input device to select different 
sections of the smart card's program to execute. 

Network games traditionally have suffered from a lack of security, which allows 

10 devious players to manipulate stored data to enhance game attributes to the detriment of other 
players. This can result in general dissatisfaction with the game itself. The solution employed in 
some cases is to require all players to access a secure host computer which stores the gaming 
files; however, this slows down the host computer and limits the number of simultaneous players 
per game. With a smart card that is able to interact fully with the user and the network, a game 

15 may be stored and executed entirely on the smart card. Such a game benefits from the secure 
environment provided by the smart card and does not require a secure host. This removes the 
limit on the number of simultaneous players. Also, each player may interact directly with other 
players and be confident that the gaming information stored on the opponent's smart card is free 
from tampering. 

20 Solitaire games which reward high scores also are subject to such tampering by 

devious players, which has discouraged the deployment of such games. However, with the game 
and data files, including the prize validation information, stored securely and executed in a smart 
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card, these solitaire games can become more viable with dishonest play prevented and honest 
levels of achievement appropriately rewarded. 

It is to be understood that the embodiments described above are merely 
illustrative and that other arrangements can be devised by one of ordinary skill in the art at the 
time the invention was made without departing from the scope of the invention. 



